Default Parameters for AWSAmazonWAFTest
By default, this test automatically discovers the rules configured in the AWS Web Application Firewall. For each rule, the test reports the count of requests that fulfill at least one of the specifications of that rule and that have been allowed and/or blocked as per that rule. This enables administrators to figure out how many requests are allowed and/or blocked by each rule, and in the process, identify those rules that may have been configured incorrectly (e.g., rules that were defined to block certain requests, but are allowing them), and/or poorly (e.g., rules that are blocking fewer requests than they should). Such rules are candidates for deletion or fine-tuning.
This page depicts the default parameters that need to be configured for the AWSAmazonWAFTest.
To monitor an Amazon EC2 instance, the eG agent has to be configured with the access key and secret key of a user with a valid AWS account. For this purpose, we recommend that you create a special user on the AWS cloud, obtain the access and secret keys of this user, and configure this test with these keys. To know the procedure for this, click here. Specify the access key and secret key so obtained in the AWS ACCESS KEY and AWS SECRET KEY text boxes. Make sure you reconfirm the access and secret keys you provide here by retyping them in the CONFIRM AWS ACCESS KEY and CONFIRM AWS SECRET KEY text boxes.
In some environments, all communication with the AWS EC2 cloud and its regions could be routed through a proxy server. In such environments, you should make sure that the eG agent connects to the cloud via the proxy server and collects metrics. To enable metrics collection via a proxy, specify the IP address of the proxy server and the port at which the server listens against the PROXY HOST and PROXY PORT parameters. By default, these parameters are set to none, indicating that the eG agent is not configured to communicate via a proxy.
If the proxy server requires authentication, specify a valid proxy user name and password in the PROXY USER NAME and PROXY PASSWORD parameters, respectively. Then, confirm the password by retyping it in the CONFIRM PASSWORD text box. By default, these parameters are set to none, indicating that the proxy server does not require authentication.
If a Windows NTLM proxy is to be configured for use, you will additionally have to specify the Windows domain name and the Windows workstation name that it requires against the PROXY DOMAIN and PROXY WORKSTATION parameters. If the environment does not support a Windows NTLM proxy, set these parameters to none.
In the EXCLUDE REGION text box, you can provide a comma-separated list of region names or patterns of region names that you do not want to monitor. For instance, to exclude regions with names that contain ‘east’ and ‘west’ from monitoring, your specification should be: *east*,*west*.
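The sketch below is an added example, not eG's own code: it shows which region names an EXCLUDE REGION value takes out of monitoring, assuming shell-style wildcard matching that ignores case (the page does not state the exact matching rules). The region list is a constructed sample, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample of AWS region names (not read from any account).
SAMPLE_REGIONS = [
    "us-east-1", "us-west-2", "eu-west-1", "eu-central-1",
    "ap-southeast-1", "ap-northeast-1", "ap-south-1", "sa-east-1",
]


def parse_exclude_spec(spec):
    """Split a comma-separated EXCLUDE REGION value into trimmed patterns."""
    return [p.strip() for p in spec.split(",") if p.strip()]


def split_regions(spec, regions):
    """Return (monitored, excluded).

    monitored is the list of regions no pattern matched; excluded maps each
    excluded region to the first pattern that matched it, so an overly broad
    pattern is easy to spot.
    Assumption: patterns are shell-style wildcards compared case-insensitively.
    """
    patterns = parse_exclude_spec(spec)
    monitored, excluded = [], {}
    for region in regions:
        hit = next(
            (p for p in patterns if fnmatchcase(region.lower(), p.lower())),
            None,
        )
        if hit is None:
            monitored.append(region)
        else:
            excluded[region] = hit
    return monitored, excluded


if __name__ == "__main__":
    monitored, excluded = split_regions("*east*,*west*", SAMPLE_REGIONS)
    for region, pattern in excluded.items():
        print(f"excluded  {region:<16} matched {pattern}")
    for region in monitored:
        print(f"monitored {region}")
```

With `*east*,*west*`, the sample leaves only eu-central-1 and ap-south-1 monitored, because `*east*` also matches ap-southeast-1 and ap-northeast-1; check a pattern against the full region list before applying it, since WAF rules in an excluded region are not reported on.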
By default, the WAF FILTER NAME parameter is set to Rule. In this case, the test will report metrics for each rule that is configured. To override this default setting, you can pick the WebACL option from this drop-down. The test will then report metrics per WebACL.
When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.